General
-
Target
c78777069b2552b8d7d1ff4705790f26b7f1fe56545d789d196a59cde1216fdb
-
Size
490KB
-
Sample
230507-lqv3gaec36
-
MD5
6ad96015312a7d7ec92253ba92f8a8a4
-
SHA1
4e4860eb6f634db0d0d02c048cb198c7ea22c09d
-
SHA256
c78777069b2552b8d7d1ff4705790f26b7f1fe56545d789d196a59cde1216fdb
-
SHA512
c31bb4dbdead27e075e790a50ef90c11740900a693e839d6a5874c05d179d521961e418822d37fbb0600e86ec059b38b0a3b67454a2f987607fccabbbd227ab1
-
SSDEEP
12288:1MrYy90TrWCfZppvIR62dKeneeJmBwLuEJbEn:pygrpvIVeDaLuEq
Static task
static1
Behavioral task
behavioral1
Sample
c78777069b2552b8d7d1ff4705790f26b7f1fe56545d789d196a59cde1216fdb.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
lada
217.196.96.101:4132
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Targets
-
-
Target
c78777069b2552b8d7d1ff4705790f26b7f1fe56545d789d196a59cde1216fdb
-
Size
490KB
-
MD5
6ad96015312a7d7ec92253ba92f8a8a4
-
SHA1
4e4860eb6f634db0d0d02c048cb198c7ea22c09d
-
SHA256
c78777069b2552b8d7d1ff4705790f26b7f1fe56545d789d196a59cde1216fdb
-
SHA512
c31bb4dbdead27e075e790a50ef90c11740900a693e839d6a5874c05d179d521961e418822d37fbb0600e86ec059b38b0a3b67454a2f987607fccabbbd227ab1
-
SSDEEP
12288:1MrYy90TrWCfZppvIR62dKeneeJmBwLuEJbEn:pygrpvIVeDaLuEq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-